null pune meet - wireless security

© ClubHack http://clubhack.com

Wireless Security

The breaking and fixing

© ClubHack http://clubhack.com

History

© ClubHack http://clubhack.com

Types of Security

• OPEN : No security configured X– Obviously not advised– Data is in the air in plain text and anyone can read it

• WEP : Wired Equivalent privacy X– Was broken years ago and takes 15 min to break in– Very week and not recommended– Accepts only hexadecimal password

© ClubHack http://clubhack.com

Types of Security…

• WPA: Wi-Fi Protected Access √– Much better than WEP– Accept long password and with all possible

combinations– Easy to setup, as easy as WEP– Available in all the common wi-fi routers– A must for all home users– Will take a looong time to break in

© ClubHack http://clubhack.com

Types of Security…

• WPA2: Advance Wi-Fi Protected Access √√– Better than WPA– Takes little more pain to setup– Advised in corporate environments– Strong encryption and authentication support

© ClubHack http://clubhack.com

Wireless Security Standards

© ClubHack http://clubhack.com

Description of WEP Protocol• WEP relies on a shared secret key (64 bit/128 bit) which is

shared between the sender (client) and the receiver (Access Point).

• Secret Key - to encrypt packets before they are transmitted

• Integrity Check - to ensure packets are not modified in transit.

• The standard does not discuss how shared key is established. In practice, most installations use a single key which is shared between all mobile stations and access points. 7

© ClubHack http://clubhack.com

CHAP Authentication

Supplicant Authenticator

username

challenge

response

Accept/reject

How WEP works

IV

RC4key

IV encrypted packet

original unencrypted packet checksum

WEP Cracking Demo

© ClubHack http://clubhack.com

Immediate Solution

• WPA– Easy to configure– Every home router has this– No special hardware or software required– Boost security level to a comfortable level

© ClubHack http://clubhack.com

How to configure WPA

• Open the configuration of your wi-fi device• Go to wireless setting• Under security option, select any one

– WPA– WPA-PSK– WPA-Personal– WPA2-Personal

• Set a complex password• Change the login password of the wireless

router.• Done

© ClubHack http://clubhack.com

Example : Linksys

© ClubHack http://clubhack.com

Example : Netgear

© ClubHack http://clubhack.com

Example : ZyXEL

© ClubHack http://clubhack.com

Look for this

© ClubHack http://clubhack.com

Further Advised

• Change the router login password frequently– Atleast once a month

• Change the wireless WPA password also– Atleast once a month

• Avoid temptation to connect to open wireless just looking for free internet.

© ClubHack http://clubhack.com

What’s next (added security)

• We can configure DHCP more tightly.– Lets not keep an open pool where any one

can connect– Example

– I have 3 machines in my home (desktop/laptop/phone)– I’ll create a IP pool of 3 IPs only– I’ll do DHCP reservation using the MAC of these 3 IP– Effectively I’m not allowing any outsider machine to

connect

© ClubHack http://clubhack.com

What’s next (added security) …

• We can configure MAC binding.– Allow only MY machines to connect– Many access points support MAC binding– Any other machine will not be able to connect

to my Wi-Fi

© ClubHack http://clubhack.com

Not only terrorism, what else

• Connected to open network??– Attacker can read your mails– Attacker can see your password (even gmail)– Attacker can see your credit card numbers– Attacker can access confidential information

on your computer– Attacker can chat with your girlfriend posing

as you.

© ClubHack http://clubhack.com

So…

• 6 easy steps to counter 95% of attack on your wi-fi

• Secure your wi-fi today.

© ClubHack http://clubhack.com

Q & 42 ?

Rohit SrivastwaFounder, ClubHackrohit@clubhack.com

member